Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Sigma Rules

Training Camp • Cybersecurity Glossary

What is Sigma Rules?

Sigma is an open YAML-based detection rule format converted to any SIEM query language, enabling vendor-neutral sharing of log-based detections.

Glossary > Security Operations > Sigma Rules

Understanding Sigma Rules

Sigma is an open, generic, YAML-based signature format for describing log-based detections in a vendor-neutral way. An analyst writes a detection rule once and uses a converter to translate it into the native query language of a specific SIEM, such as Splunk SPL, Microsoft KQL, or Elastic Query DSL. This portability makes Sigma a common standard for sharing and collaborating on detection content across the security community.

Learn More About Sigma Rules:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →